EPOS Security and Compliance Center

EPOS Digital Solutions are built for data security and compliance.

How is EPOS securing your data?

EPOS is committed to applying the highest security and compliance standards when it comes to your data. Internal and external processes and third-party audits are all set up to make EPOS a secure and trusted partner.

Security around EPOS Manager and EPOS Connect

EPOS protects your data at rest and in transit in your on-premise or cloud deployments. Enterprise-grade security with rigorous controls ensures safe and efficient management of your EPOS devices. Baseline requirements follow best practices within the development and hosting of the solutions we offer to our customers.

Data Security

- Data encryption at-rest
- Data encryption in-transit
- Privacy- by-design
- Access Management

Secure Software Development

- Logging and frequent monitoring
- Security-by-design
- Segregation of duties
- Third-party testing

Corporate Security

- Security trainings
- Vendor management
- SOC II policies
- Facilities security

Compliance

EPOS is GDPR compliant and uses the System and Organization Control (SOC) Type I as a framework for yearly audits. These audits verify the top-level security in data storage as well as internal security policies, processes and employee onboarding and training.


The purpose of the SOC II report is to help you understand the controls established by EPOS to support operations and compliance.

Need more information regarding the SOC II report?

Contact us

Downloads

FAQ

Explore EPOS Digital Solutions

  • EPOS Manager

    Save time and drive efficiency through remote update deployments and get insights into how to improve workplace productivity.

    Learn More

  • EPOS Connect

    Update company devices with the latest firmware and personalize audio device settings to ensure flawless operation for end-users.

    Learn more

  • EPOS Developer Portal

    A simple, scalable, and secure platform for partners and customers to access all EPOS APIs and SDKs

    Learn More

Vulnerability Disclosure Policy

Our products comply with mandatory EU directives through either an EU DOC (self-declaration) or an EU type examination certificate.

Learn more

Building and maintaining trust with our customers, partners, and suppliers, are a top priority for EPOS. Our products aim to comply with relevant legislation that requires an appropriate reaction to software vulnerabilities.

EPOS vulnerability disclosure Policy follows the IoT Cybersecurity standard ETSI 303 645.
This policy includes:

  • Contact information for the reporting of issues; and
  • Information on timelines for:
    • Initial acknowledgement of receipt; and
    • Status updates until the resolution of the reported issues.

Contact



Contact software support with your concerns about security and vulnerabilities with subject line: vulnerability_report

Vulnerability Policy timeline:

We handle every report of vulnerability with care.

What You Can Expect

When we receive a report of a possible vulnerability through the EPOS Security and Compliance Center, this is what the sender can expect regarding getting an answer:

  • Initial acknowledgement after 5 days max
  • Status after 4 weeks
  • Resolution answer after 80 days

Our Procedure

The triage of these reports will be done by our Vigilance Evaluation Board, using our internal Procedure called G-600 Vigilance.

The board has a system of vigilance that evaluate the vulnerabilities reports that come in.

They are scored on two parameters 1) Severity of thread & 2) Likelihood of the vulnerability being used.

For More Information

Please also contact us, if you want to hear more about the way we perform this triage, and how the Vigilance Board operates. This could be in the event of a Request for Proposals etc.